Back-dooring PE Files on Windows [Updated 2018]

Portable Executable (PE) files are everywhere on Windows. Many people download these files from the internet or get them from a friend and run them on their systems without realizing the danger involved in running this kind of file. It is very easy to add malicious code to such a file and have it executed on the victim's machine without the victim's knowledge.

In this article, we will look at how a Windows executable file is backdoored. We will be using the popular putty executable and backdooring it with a reverse shell.

The objective is to ensure that the modified putty executable gives a reverse shell back to the attacker's machine while continuing to function normally without any issues. We will not be using any automated tools to backdoor this putty executable; instead, we will do everything manually in order to understand how the entire process works.

To follow the steps in this article, it is important to have a basic knowledge of assembly language and a general familiarity with a debugger (we will be using Immunity Debugger in this case) and its usage.

1) We will be injecting our malicious reverse shellcode into the putty executable. To do this, we first need to make room for the malicious code in the putty executable. The code can be placed directly in the executable via a debugger, provided there is enough unused space; otherwise, we can use a PE editor tool (such as LordPE) to add a new section to the putty executable, which can then hold our shellcode in the binary. I will be using the PE editor tool to add a new section to the executable.

2) We will open up the putty executable in the LordPE tool and add a new section header to (Read more...)
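From the defender's side, the section added in step 1 and step 2 leaves a footprint in the PE section table: an extra section that is both writable and executable, and an entry point that now lands in the last section instead of the first code section. The following is an added example, not code from the original article or from the putty or LordPE projects; it parses the PE headers with the standard library and applies those two heuristics to two constructed header-only images (`CLEAN_PE` and `SUSPECT_PE`, names and layouts are assumptions for the demo). The section flag constants are the documented `IMAGE_SCN_MEM_*` values from winnt.h.

```python
import struct

# Section characteristic flags from the PE specification (winnt.h names).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
COFF_HEADER_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER (40 bytes).
SECTION_HEADER_FMT = "<8sIIIIIIHHI"


def parse_pe(data):
    """Return (AddressOfEntryPoint, [section dicts]) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_HEADER_FMT)
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sec_off = opt_off + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, _, _, _, _, _, _, chars = struct.unpack_from(
            SECTION_HEADER_FMT, data, sec_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "chars": chars,
        })
    return entry_rva, sections


def audit_sections(data):
    """Heuristic checks for an appended-section backdoor; returns [(section, reason)]."""
    entry_rva, sections = parse_pe(data)
    findings = []
    first_exec = None      # first executable section, where a compiler-built entry point lives
    entry_section = None   # section containing AddressOfEntryPoint
    for s in sections:
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        writable = bool(s["chars"] & IMAGE_SCN_MEM_WRITE)
        if executable and first_exec is None:
            first_exec = s
        if executable and writable:
            findings.append((s["name"], "writable+executable section"))
        if s["va"] <= entry_rva < s["va"] + s["vsize"]:
            entry_section = s
    if entry_section is None:
        findings.append(("<none>", "entry point outside all sections"))
    else:
        if not entry_section["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append((entry_section["name"], "entry point in non-executable section"))
        if entry_section is not first_exec and entry_section is sections[-1]:
            findings.append((entry_section["name"],
                             "entry point in last section, not the first executable one"))
    return findings


def build_pe(sections, entry_rva):
    """Construct a header-only PE32 image for the demo (constructed data, not a real binary)."""
    hdr = bytearray(b"MZ" + b"\0" * 62)                 # 64-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 64)               # e_lfanew: PE header follows the DOS header
    hdr += b"PE\0\0"
    opt = bytearray(224)                                # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)          # AddressOfEntryPoint
    hdr += struct.pack(COFF_HEADER_FMT, 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    hdr += opt
    for name, va, size, chars in sections:
        hdr += struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"),
                           size, va, size, 0, 0, 0, 0, 0, chars)
    return bytes(hdr)


RX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RWX = RX | IMAGE_SCN_MEM_WRITE

# Constructed samples: a normal layout, and the same layout with an appended RWX
# section (".newsec", an assumed name) that the entry point has been moved into.
CLEAN_PE = build_pe([(b".text", 0x1000, 0x1000, RX), (b".data", 0x2000, 0x1000, RW)], 0x1100)
SUSPECT_PE = build_pe([(b".text", 0x1000, 0x1000, RX), (b".data", 0x2000, 0x1000, RW),
                       (b".newsec", 0x3000, 0x1000, RWX)], 0x3000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PE), ("suspect", SUSPECT_PE)):
        print(label, audit_sections(blob) or "no findings")
```

Run on a real file by replacing the constructed blobs with `open(path, "rb").read()`. Neither heuristic is proof on its own (packers and some runtime-generated binaries also produce RWX or late-section entry points), so treat a hit as a reason to pull the file into a sandbox or compare it against a known-good hash, not as a verdict.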

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Arvind Vishwakarma. Read the original post at: